asmuts      02/01/14 22:49:14

  Added:       src/java/org/apache/stratum/jcs/utils/servlet
                        BasicHttpAuthenticator.java
  Log:
  no message
  
  Revision  Changes    Path
  1.1                  
jakarta-turbine-stratum/src/java/org/apache/stratum/jcs/utils/servlet/BasicHttpAuthenticator.java
  
  Index: BasicHttpAuthenticator.java
  ===================================================================
  package org.apache.stratum.jcs.utils.servlet;
  
  import org.apache.stratum.jcs.utils.config.*;
  import org.apache.stratum.jcs.utils.log.*;
  
  import java.io.*;
  
  import javax.servlet.http.*;
  
  import sun.misc.BASE64Decoder;
  
  /**
   * Used to perform basic http authentication.
   */
  public class BasicHttpAuthenticator {
      /** Contains the "WWW-Authenticate" http response header. */
      private final String wwwAuthHeader;
      private Logger log;
      /**
       * @param jcs the jcs parameter used to specify the "WWW-Authenticate" http 
response header.
       */
      public BasicHttpAuthenticator(String jcs) {
        this.wwwAuthHeader = "BASIC jcs=\"" + jcs + "\"";
        log = LoggerManager.getLogger(this);
      }
      /** Authenticates the http <code>"Authorization"</code> header information. */
      public final boolean authenticate(HttpServletRequest req, HttpServletResponse 
res) {
        try {
          if (!authorized(req.getHeader("Authorization")))
          {
              res.setContentType("text/html");
              res.setHeader("WWW-Authenticate", wwwAuthHeader);
              res.sendError(res.SC_UNAUTHORIZED);
              return false;
          }
        } catch(IOException ex) {
          log.warn(ex.getMessage());
          return false;
        }
        return true;
      }
      /**
       * Returns true iff the given "Authorization" http request header contains
       * authorized user id and password.
       */
      private boolean authorized(String authHeader) throws IOException {
          if (authHeader == null || authHeader.length() < 9)
              return false;
          // Get encoded user and password, comes after "BASIC "
          String userpassEncoded = authHeader.substring(6);
  
          BASE64Decoder dec = new BASE64Decoder();
          String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));
          int idx = userpassDecoded.indexOf(':');
  
          if (idx == -1)
              return false;
          String userid = userpassDecoded.substring(0, idx);
          String password = userpassDecoded.substring(idx+1);
  
          if (userid.trim().length() <= 0 || password.trim().length() <= 0)
              return false;
          return checkPassword(userid, password);
      }
      /**
       * Default implementation of checking the password.
       * @return true iff the given user id and password is valid.
       */
      protected boolean checkPassword(String userid, String password) {
        return userid.equalsIgnoreCase(IUtilConstants.ADMIN_USERID)
            && password.equals(IUtilConstants.ADMIN_PASSWORD);
      }
  }
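Review bot: `checkPassword` at the end of the file authenticates against the single pair `IUtilConstants.ADMIN_USERID` / `IUtilConstants.ADMIN_PASSWORD`, which by their naming look like compile-time constants (IUtilConstants is not shown in this commit), so every deployment would share one admin credential that cannot be rotated without a rebuild. The expected credential should come from deployment configuration, and the Javadoc should state that this default is a placeholder subclasses are expected to override. `password.equals(...)` also returns at the first mismatching character; comparing the encoded bytes with `MessageDigest.isEqual` avoids exposing how much of the guess matched through response timing. In `authorized`, `authHeader.substring(6)` is decoded without checking the scheme token, so any header of nine or more characters is treated as Basic credentials; add `if (!authHeader.regionMatches(true, 0, "Basic ", 0, 6)) return false;` before it. `new String(dec.decodeBuffer(userpassEncoded))` decodes with the platform default charset, so non-ASCII credentials can verify differently from host to host; pass an explicit charset name.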
  
  
  
